SlideShare uma empresa Scribd logo

Cybersecurity of Physical Systems

Transferir como PPTX, PDF
Erin Hillier
Erin Hillier

This document provides an overview of a course on Cyber Physical Systems Security. The course will explore security techniques for networks and control systems that integrate technologies like computers, PLCs, interfaces and microprocessor devices. It will examine real threats to industrial automation systems and explore standards-based approaches to protecting these systems. Students will learn about different types of attacks, vulnerability assessments, and techniques for securing networks of devices. The objectives are for students to understand SCADA/ICS components and applications, security guidelines, and how to differentiate and secure against various attacks.

Educação
1 de 8
1 CYBER PHYSICAL SYSTEMS SECURITY Week 1 Overview
Course Description Cyber Physical Systems Security introduces the techniques, methodologies, and tools used in building and maintaining secure networks and control systems.These systems rely on unification of technologies such as computers, Programmable LogicControllers, operator interfaces, and microprocessor based devices together into Supervisory, Control and Data Acquisition (SCADA) or Industrial Control Systems (ICS). After exploring the real-world threats and vulnerabilities that exist within the industrial automation and control system architectures, a standards based approach is explored for the protection of such systems, taking into consideration the procedural and technical differences between security for traditional IT environments and those solutions appropriate for SCADA or ICS.
Required Texts Labs • Arduino One • Sensor Kit Bodungen, C. (2016). Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions. McGraw- Hill Education. ISBN: 978-1259589713
Introduction  Welcome to the class  Over the next session, we will explore many different facets of Cyber Physical Systems Security that impact us each and every day. You will learn how security plays a vital role in this and what must be done to protect ourselves from the “rise of the machines.”
Objectives  At the end of the course, students should have demonstrated their ability to:  Appraise the different components, communication systems, and timing requirements used in SCADAICS  Identify the economic benefits of SCADAICS systems  Illustrate how SCADAICS is applied to real world applications  Evaluate industrial security guidelines  Differentiate between different types of attacks that can be launched against systems  Demonstrate different vulnerability assessment procedures  Demonstrate the techniques for securing a network of devices 5
TERMINOLOGY
 Incident/Exposure – An unauthorized event that could lead to a process control system to deviate from normal operation  Risk –The likelihood that an attack, incident, or exposure could occur and the severity of impact that it could have on your systems or organization  Threat (a.k.a. – “Threat Source”, “Threat Agent”) –The actual source of the risk.The person or thing that takes advantage of, uses, or causes a vulnerability either intentionally or unintentional  Vulnerability – A set of conditions causing the presence of a weakness, of which a threat can take advantage. This could be a technical weakness, procedural weakness, or human weakness  Exploit – 1. nThe means by which a vulnerability is taken advantage of 2. vTo take advantage of a vulnerability; the attack itself  Attack –The result of the presence of aThreat taking advantage of a Vulnerability, through a successful Exploit  AttackVector –The environment in which the attack will take place. (i.e. – physical, operations, cyber, computer memory space, a website, etc.) Terminology
State of the Industry SCADA in the past Isolated from IT SCADA, ICS, DCS, Industrial Networks all relatively unheard of Used legacy equipment SCADA Now Connectivity to enterprise / IP New, network-based attack vectors Increasing use of commercial off-the-shelf (COTS) software Increased use of MicrosoftWindows Unpatched systems Brings pre-existing vulnerabilities back Virus/malware propagation Flat networks and Dual-homed systems “IT vs. SCADA”, “Them vs. Us” Experts Claim “Lost Decade” (in terms of security) Due to “Failure to Act”

Recomendados

5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
MEN Mikro Elektronik GmbH
 
Health information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information securityHealth information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information security
Dr. Lasantha Ranwala
 
Health information security session 4 risk management
Health information security session 4 risk managementHealth information security session 4 risk management
Health information security session 4 risk management
Dr. Lasantha Ranwala
 
Cybersecurity Applied to Embedded Systems, Fundamentals of Embedded Systems a...
Cybersecurity Applied to Embedded Systems, Fundamentals of Embedded Systems a...Cybersecurity Applied to Embedded Systems, Fundamentals of Embedded Systems a...
Cybersecurity Applied to Embedded Systems, Fundamentals of Embedded Systems a...
Tonex
 
Control System Cyber Security - A Different Approach
Control System Cyber Security - A Different ApproachControl System Cyber Security - A Different Approach
Control System Cyber Security - A Different Approach
Jim Cahill
 
Physical security
Physical securityPhysical security
Physical security
Dhani Ahmad
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
BPalmer13
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of security
Sejahtera Affif
 

Recomendados

5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
MEN Mikro Elektronik GmbH
 
Health information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information securityHealth information secuirty session 5 best practise in information security
Health information secuirty session 5 best practise in information security
Dr. Lasantha Ranwala
 
Health information security session 4 risk management
Health information security session 4 risk managementHealth information security session 4 risk management
Health information security session 4 risk management
Dr. Lasantha Ranwala
 
Cybersecurity Applied to Embedded Systems, Fundamentals of Embedded Systems a...
Cybersecurity Applied to Embedded Systems, Fundamentals of Embedded Systems a...Cybersecurity Applied to Embedded Systems, Fundamentals of Embedded Systems a...
Cybersecurity Applied to Embedded Systems, Fundamentals of Embedded Systems a...
Tonex
 
Control System Cyber Security - A Different Approach
Control System Cyber Security - A Different ApproachControl System Cyber Security - A Different Approach
Control System Cyber Security - A Different Approach
Jim Cahill
 
Physical security
Physical securityPhysical security
Physical security
Dhani Ahmad
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
BPalmer13
 
Cscu module 01 foundations of security
Cscu module 01 foundations of securityCscu module 01 foundations of security
Cscu module 01 foundations of security
Sejahtera Affif
 
Mini IT Security Assessment
Mini IT Security AssessmentMini IT Security Assessment
Mini IT Security Assessment
GuardEra Access Solutions, Inc.
 
Malware is NOT Magic
Malware is NOT MagicMalware is NOT Magic
Malware is NOT Magic
EnergySec
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
aizazhussain234
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9
Ian Sommerville
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
Simeon Ogao
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
Divya Tiwari
 
Physical Security
Physical SecurityPhysical Security
Physical Security
Kriscila Yumul
 
Application Security
Application SecurityApplication Security
Application Security
John Rauser
 
Self defending networks
Self defending networksSelf defending networks
Self defending networks
Ravi Kumar Pawanism
 
Self Defending Network
Self Defending NetworkSelf Defending Network
Self Defending Network
Swarna Gautam
 
Security Vulnerabilities in Modern Operating Systems
Security Vulnerabilities in Modern Operating SystemsSecurity Vulnerabilities in Modern Operating Systems
Security Vulnerabilities in Modern Operating Systems
Cisco Canada
 
Cyber Security vs.pdf
Cyber Security vs.pdfCyber Security vs.pdf
Cyber Security vs.pdf
Ming Man Chan
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear Facilities
OPSWAT
 
Information security policy
Information security policyInformation security policy
Information security policy
BalachanderThilakar1
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
Online
 
Mobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security TrainingMobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security Training
Tonex
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
ankitmehta21
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander
EC-Council
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
ciso_insights
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
Wilkins Consulting, LLC
 
Jb ia
Jb iaJb ia
Jb ia
Deepal Samaraweera
 
About the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docxAbout the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docx
aryan532920
 

Mais conteúdo relacionado

Mais procurados

Malware is NOT Magic
Malware is NOT MagicMalware is NOT Magic
Malware is NOT Magic
EnergySec
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9
Ian Sommerville
 
Mobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security TrainingMobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security Training
Tonex
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
ankitmehta21
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
ciso_insights
 

Mais procurados (20)

Mini IT Security Assessment
Mini IT Security AssessmentMini IT Security Assessment
Mini IT Security Assessment
 
Malware is NOT Magic
Malware is NOT MagicMalware is NOT Magic
Malware is NOT Magic
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Ch14-Software Engineering 9
Ch14-Software Engineering 9Ch14-Software Engineering 9
Ch14-Software Engineering 9
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Physical Security
Physical SecurityPhysical Security
Physical Security
 
Application Security
Application SecurityApplication Security
Application Security
 
Self defending networks
Self defending networksSelf defending networks
Self defending networks
 
Self Defending Network
Self Defending NetworkSelf Defending Network
Self Defending Network
 
Security Vulnerabilities in Modern Operating Systems
Security Vulnerabilities in Modern Operating SystemsSecurity Vulnerabilities in Modern Operating Systems
Security Vulnerabilities in Modern Operating Systems
 
Cyber Security vs.pdf
Cyber Security vs.pdfCyber Security vs.pdf
Cyber Security vs.pdf
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear Facilities
 
Information security policy
Information security policyInformation security policy
Information security policy
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Mobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security TrainingMobile Security Training, Mobile Device Security Training
Mobile Security Training, Mobile Device Security Training
 
Software Security Testing
Software Security TestingSoftware Security Testing
Software Security Testing
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses5 Step Data Security Plan for Small Businesses
5 Step Data Security Plan for Small Businesses
 

Semelhante a Cybersecurity of Physical Systems

About the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docxAbout the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docx
aryan532920
 
About the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docxAbout the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docx
bartholomeocoombs
 
Ch2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfCh2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdf
mominabotayea1997
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overview
dr_edw777
 
How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systems
Yury Chemerkin
 
A theoretical superworm
A theoretical superwormA theoretical superworm
A theoretical superworm
UltraUploader
 
L11 Transition And Key Roles and SAT ROB IRP.pptx
L11 Transition And Key Roles and SAT ROB IRP.pptxL11 Transition And Key Roles and SAT ROB IRP.pptx
L11 Transition And Key Roles and SAT ROB IRP.pptx
StevenTharp2
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
Amanda Case
 
Substation Cyber Security
Substation Cyber SecuritySubstation Cyber Security
Substation Cyber Security
Schneider Electric
 

Semelhante a Cybersecurity of Physical Systems (20)

Jb ia
Jb iaJb ia
Jb ia
 
About the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docxAbout the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docx
 
About the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docxAbout the PresentationsThe presentations cover the objectives .docx
About the PresentationsThe presentations cover the objectives .docx
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
 
PPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptxPPT0-Computer Security Concepts.pptx
PPT0-Computer Security Concepts.pptx
 
Network Security
Network Security Network Security
Network Security
 
Intro
IntroIntro
Intro
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Ch2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdfCh2 Introduction to Information Security (3).pdf
Ch2 Introduction to Information Security (3).pdf
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overview
 
How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systems
 
A theoretical superworm
A theoretical superwormA theoretical superworm
A theoretical superworm
 
L11 Transition And Key Roles and SAT ROB IRP.pptx
L11 Transition And Key Roles and SAT ROB IRP.pptxL11 Transition And Key Roles and SAT ROB IRP.pptx
L11 Transition And Key Roles and SAT ROB IRP.pptx
 
I0516064
I0516064I0516064
I0516064
 
LIS3353 SP12 Week 9
LIS3353 SP12 Week 9LIS3353 SP12 Week 9
LIS3353 SP12 Week 9
 
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection SystemIRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
 
information security management
information security managementinformation security management
information security management
 
Substation Cyber Security
Substation Cyber SecuritySubstation Cyber Security
Substation Cyber Security
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
ch01_nemo-Pendahuluan.ppt
ch01_nemo-Pendahuluan.pptch01_nemo-Pendahuluan.ppt
ch01_nemo-Pendahuluan.ppt
 

Último

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Último (20)

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 

Cybersecurity of Physical Systems

  • 1. 1 CYBER PHYSICAL SYSTEMS SECURITY Week 1 Overview
  • 2. Course Description Cyber Physical Systems Security introduces the techniques, methodologies, and tools used in building and maintaining secure networks and control systems.These systems rely on unification of technologies such as computers, Programmable LogicControllers, operator interfaces, and microprocessor based devices together into Supervisory, Control and Data Acquisition (SCADA) or Industrial Control Systems (ICS). After exploring the real-world threats and vulnerabilities that exist within the industrial automation and control system architectures, a standards based approach is explored for the protection of such systems, taking into consideration the procedural and technical differences between security for traditional IT environments and those solutions appropriate for SCADA or ICS.
  • 3. Required Texts Labs • Arduino One • Sensor Kit Bodungen, C. (2016). Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions. McGraw- Hill Education. ISBN: 978-1259589713
  • 4. Introduction  Welcome to the class  Over the next session, we will explore many different facets of Cyber Physical Systems Security that impact us each and every day. You will learn how security plays a vital role in this and what must be done to protect ourselves from the “rise of the machines.”
  • 5. Objectives  At the end of the course, students should have demonstrated their ability to:  Appraise the different components, communication systems, and timing requirements used in SCADAICS  Identify the economic benefits of SCADAICS systems  Illustrate how SCADAICS is applied to real world applications  Evaluate industrial security guidelines  Differentiate between different types of attacks that can be launched against systems  Demonstrate different vulnerability assessment procedures  Demonstrate the techniques for securing a network of devices 5
  • 7.  Incident/Exposure – An unauthorized event that could lead to a process control system to deviate from normal operation  Risk –The likelihood that an attack, incident, or exposure could occur and the severity of impact that it could have on your systems or organization  Threat (a.k.a. – “Threat Source”, “Threat Agent”) –The actual source of the risk.The person or thing that takes advantage of, uses, or causes a vulnerability either intentionally or unintentional  Vulnerability – A set of conditions causing the presence of a weakness, of which a threat can take advantage. This could be a technical weakness, procedural weakness, or human weakness  Exploit – 1. nThe means by which a vulnerability is taken advantage of 2. vTo take advantage of a vulnerability; the attack itself  Attack –The result of the presence of aThreat taking advantage of a Vulnerability, through a successful Exploit  AttackVector –The environment in which the attack will take place. (i.e. – physical, operations, cyber, computer memory space, a website, etc.) Terminology
  • 8. State of the Industry SCADA in the past Isolated from IT SCADA, ICS, DCS, Industrial Networks all relatively unheard of Used legacy equipment SCADA Now Connectivity to enterprise / IP New, network-based attack vectors Increasing use of commercial off-the-shelf (COTS) software Increased use of MicrosoftWindows Unpatched systems Brings pre-existing vulnerabilities back Virus/malware propagation Flat networks and Dual-homed systems “IT vs. SCADA”, “Them vs. Us” Experts Claim “Lost Decade” (in terms of security) Due to “Failure to Act”